Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
533
Views
0
Helpful
2
Replies

Secure Endpoint Cloud IOC not displaying in Device Trajectory

Davedog
Level 1
Level 1

‎11-02-2022 09:09 AM

We output Secure Endpoint events to our SIEM.   I am seeing Cloud IOC events in the SIEM, however, upon review of the endpoint in Secure Endpoint, the IOC indicators are displayed.  This appears to be true of low-criticality events.   Also, when I attempt to view cloud IOC events, my only option is to download a CVE of the events as they are not displayed in the console.  The resulting excel spreadsheet is incomplete.

 

 

0 Helpful
2 Replies 2

Arunkumar Sathasivam
Cisco Employee
Cisco Employee

‎11-14-2022 11:42 PM

Hi Davedog

 

Cloud IOC event will available in Device trajectory. You Navigate to device trajectory by clicking

 

 Dashboard --> Event --> Filter IOC in event type --> Click Device trajectory button next to event Severity level --> now you can view Cloud IOC in trajectory  System Tab and  event details. Kindly find below screenshot as well for more understanding

 

 

 

 

Kindly let know if you have more queries about  Cloud IOC information

 

 

Regards

Arunkumar

0 Helpful

Troja007
Cisco Employee
Cisco Employee

‎11-16-2022 07:57 AM

Hello @Davedog ,
if the events shown in the console are different to what you see from the Event Stream, you might check with TAC if there are any issues. Does the issue still exist?
Greetings, Thorsten

0 Helpful
Customers Also Viewed These Support Documents